Optimization #6502: schema: avoid - and . in keys - Suricata - Open Information Security Foundation

Actions

Optimization #6502

open

schema: avoid - and . in keys

Added by Philippe Antoine over 1 year ago. Updated 15 days ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

From @Jason Ish

- don't break Elastic, just makes queries harder. '.' will break Elastic and some tools.

git grep '-' etc/schema.json . yields
- bittorrent-dht
- ftp-data
- icmp-prohib
- tcp-reset
- reject-target

These should use underscore

Related issues 1 (1 open — 0 closed)

Actions

#1

Updated by Philippe Antoine over 1 year ago

Related to Documentation #6478: schema: add missing fields added

Actions

#2

Updated by Philippe Antoine over 1 year ago

alert.signature-id would be taken as a math expression.

Actions

#3

Updated by Philippe Antoine over 1 year ago

Need some CI check after fixing the few fields

Actions

#4

Updated by Victor Julien 3 months ago

Target version changed from 8.0.0-beta1 to 8.0.0-rc1

Actions

#5

Updated by Philippe Antoine about 1 month ago

@Jason Ish what do you think about this ? For 8rc1 ?

Actions

#6

Updated by Jason Ish 18 days ago

It would be a breaking change to the log format, thoughts @Victor Julien? Would be nice to clean these up for consistency reasons, otherwise not a lot of value.

Actions

#7

Updated by Victor Julien 15 days ago

Target version changed from 8.0.0-rc1 to 9.0.0-beta1

Actions

Also available in: Atom PDF